EldoS | Feel safer!

Error occurred while enabling SSL/TLS on command channel

#6551
Posted: 06/10/2008 12:33:12
by Dimitris Chronis (Basic support level)
Joined: 06/10/2008
Posts: 4

Hello,
I'm trying to connect to an FTPS server with BizTalk SecureBlackbox. Authentication is done with a certificate and AUTH TLS is used, but I get the following error on BizTalk:
Quote
[9/6/2008 5:28 ??] EldoS FTPS Adapter: Adding receiver endpoint
[9/6/2008 5:28 ??] EldoS FTPS Adapter: Start()
[9/6/2008 5:28 ??] EldoS FTPS Adapter: ControlledEndpointTask()
[9/6/2008 5:28 ??] EldoS FTPS Adapter: EndpointTask()
[9/6/2008 5:28 ??] EldoS FTPS Adapter: PickupFilesAndSubmit() RemotePath: CardRsp/ FileMask: *.regf LocalFile: D:\Ingenico\
[9/6/2008 5:29 ??] EldoS FTPS Adapter: SSL protocol error: 75782
[9/6/2008 5:29 ??] EldoS FTPS Adapter: Error: Error occured while enabling SSL/TLS on command channel

Stack:
at SBSimpleFTPS.TElSimpleFTPSClient.EstablishSSLSession()
at SBSimpleFTPS.TElSimpleFTPSClient.Login()
at SecureBlackbox.BizTalk.Adapters.FTPS.FTPSCommon.DoFTPSOperation(IBaseMessage message, AdapterProperties props, Boolean upload, ArrayList fileList)
[9/6/2008 5:29 ??] EldoS FTPS Adapter: PickupFilesAndSubmit() downloaded 0 files.
[9/6/2008 5:29 ??] EldoS FTPS Adapter: PickupFilesAndSubmit() No files to submit
[9/6/2008 5:29 ??] EldoS FTPS Adapter: PickupFilesAndSubmit() Deleting 0 local files


On the server side I get the following error:
Quote
" 550 - -
10.202.2.103 10.202.2.103 root [09/Jun/2008:16:21:15 +0200] "


In the certificate path of the SSL/TLS settings I set the full path to the .pfx file, and I have Trust All set to yes.

WSFTP works fine.

Can you help me with this?
#6553
Posted: 06/10/2008 12:53:57
by Eugene Mayevski (EldoS Corp.)

The error code stands for "handshake failure" and can be caused by a number of reasons. The easiest would be for us to attempt to connect ourselves and see what's going on there.

Is the server publicly accessible? You don't need to post address or credentials at the moment, but if it's accessible and you can give some test access, we will move this question to HelpDesk for investigation.

Also, as you mentioned the PFX file, do you need to perform client-side authentication with the certificate? Or what is this file for?


Sincerely yours
Eugene Mayevski
#6555
Posted: 06/10/2008 13:11:47
by Dimitris Chronis (Basic support level)
Joined: 06/10/2008
Posts: 4

The PFX file is used for client authentication to the FTPS server.

What type of access do you need? The server is not Internet-facing, but I can use a PC which has Internet access and a remote desktop connection to the BizTalk server.
#6557
Posted: 06/10/2008 13:36:27
by Eugene Mayevski (EldoS Corp.)

We don't need BizTalk server access, but FTP(S) server access. In fact, our developers will be able to create a diagnostics application for you which will let you connect to the server and get some more detailed information. The developer will answer in detail tomorrow.


Sincerely yours
Eugene Mayevski
#6559
Posted: 06/10/2008 13:45:09
by Dimitris Chronis (Basic support level)
Joined: 06/10/2008
Posts: 4

The FTPS server is located at a partner of ours. We cannot have console access to the FTPS server. We can only connect to the FTPS server from the BizTalk server (with a WSFTP FTPS session or your diagnostics application), and can request connection logs from our partner.
#6565
Posted: 06/11/2008 01:15:09
by Ken Ivanov (EldoS Corp.)

It's a good idea to set up the most liberal configuration for the adapter and try to connect to the server with it. Please use the following values for the SSL-related properties (SSL misconfiguration seems to be a reason for the problem):
* "Use SSL/TLS" to true,
* "Trust All" to true,
* "Clear Data Channel" to false,
* "Auth Command" to Autodetect,
* Enable SSL2, SSL3 and TLS1 versions (leave TLS 1.1 and TLS 1.2 disabled),
* Put the path to your client-side certificate to the "Certificate Path" property and the appropriate password to the "Certificate Password" property,
* Put the SBB license key to the "SecureBlackbox License Key" property,
* Leave anonymous, PSK-, SRP- and IDEA-based ciphersuites disabled,
* Set minimal symmetric key length to 56.
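
The settings listed above are a diagnostic baseline. As an added example (not EldoS code and not part of the original post), this Python check compares such a configuration with a stricter baseline so that diagnostic values are not left in place once the connection works. The dictionary layout, the `Versions` and `Ciphersuite Families` keys, the meaning given to "Trust All", the severity labels and the 128-bit floor are assumptions; the other keys reuse the property labels from the post.

```python
# Added example: audit FTPS adapter SSL settings against a hardening baseline.
# The dict layout is hypothetical; keys reuse the property labels from the post.
WEAK_VERSIONS = {"SSL2": "high", "SSL3": "high",        # prohibited: RFC 6176 / RFC 7568
                 "TLS1": "medium", "TLS1.1": "medium"}  # deprecated: RFC 8996
MIN_KEY_BITS = 128                                      # assumed baseline
DISALLOWED_SUITES = {"anonymous", "PSK", "SRP", "IDEA"}  # families the post keeps disabled

# Constructed input: the diagnostic configuration recommended in the post.
DIAGNOSTIC = {
    "Use SSL/TLS": True, "Trust All": True, "Clear Data Channel": False,
    "Auth Command": "Autodetect", "Versions": {"SSL2", "SSL3", "TLS1"},
    "Ciphersuite Families": set(), "Minimal Symmetric Key Length": 56,
}

def audit(cfg):
    """Return (severity, property, reason) findings for one settings dict."""
    out = []
    if not cfg.get("Use SSL/TLS"):
        out.append(("high", "Use SSL/TLS", "command channel is not encrypted"))
    if cfg.get("Trust All"):
        # Assumption: "Trust All" makes the client accept any server certificate.
        out.append(("high", "Trust All", "server certificate is not validated"))
    if cfg.get("Clear Data Channel"):
        out.append(("high", "Clear Data Channel", "file data is not encrypted"))
    versions = set(cfg.get("Versions", ()))
    for v in sorted(versions & set(WEAK_VERSIONS)):
        out.append((WEAK_VERSIONS[v], "Versions", v + " is deprecated"))
    if not versions - set(WEAK_VERSIONS):
        out.append(("high", "Versions", "no current TLS version enabled"))
    for fam in sorted(set(cfg.get("Ciphersuite Families", ())) & DISALLOWED_SUITES):
        out.append(("high", "Ciphersuite Families", fam + " suites enabled"))
    bits = cfg.get("Minimal Symmetric Key Length", 0)
    if bits < MIN_KEY_BITS:
        out.append(("medium", "Minimal Symmetric Key Length",
                    "%d-bit floor is below %d" % (bits, MIN_KEY_BITS)))
    return out

def harden(cfg):
    """Return a copy of cfg with every audited setting moved to the baseline."""
    fixed = dict(cfg)
    suites = set(cfg.get("Ciphersuite Families", ())) - DISALLOWED_SUITES
    bits = max(cfg.get("Minimal Symmetric Key Length", 0), MIN_KEY_BITS)
    fixed.update({"Use SSL/TLS": True, "Trust All": False,
                  "Clear Data Channel": False, "Versions": {"TLS1.2"},
                  "Ciphersuite Families": suites,
                  "Minimal Symmetric Key Length": bits})
    return fixed

if __name__ == "__main__":
    for finding in audit(DIAGNOSTIC):
        print(*finding, sep=" | ")
```

The hardened values only work if the partner's server supports them, so apply them one at a time after the handshake succeeds.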
#6567
Posted: 06/11/2008 02:28:40
by Dimitris Chronis (Basic support level)
Joined: 06/10/2008
Posts: 4

I tried these settings but I get the same error. In the "Certificate Path", should I type the path to the .pfx file or the path to the folder that contains the .pfx file?
#6570
Posted: 06/11/2008 02:45:57
by Ken Ivanov (EldoS Corp.)

Let's continue the conversation in the Helpdesk, as the Forum does not allow posting big files. I have created a ticket for you.